I'm writing a piece of software which will have to store a user's password to allow authentication with a 3rd Party service. Unfortunately, this service currently requires the use of a password rather ...

I am a beginner when it comes to any EC algorithm, so please help me understand this basic question.
While reviewing the C# code, how can we find out the key-size used in the ECDH implementation? or ...

It is normal to list some extra-secure compiler options to prevent attacks on C and C++. However, I have not found any similar recommendations for C#. Are compiler options simply not relevant to C# ...

When my users are authenticated they receive an authentication token, I need to use this authentication token to authorize some asp.net WebAPI calls. To do this I need to add the token to the head of ...

.Net has a feature called request validation which detects malicious inputs and blocks the request.
By its nature, request validation is not a precise science. OWASP clearly recommend to only rely on ...

Been trying to wrap my head around OAuth 2.0, but I'm struggling to figure out the correct way to implement it for our system, as there are so many different approaches.
Our specifications are:
Secure ...

I'm not very familiar with encryption and new to this, I'm just learning it right now by code review of one of the classes we have in an application to encrypt a password using AES. Would anyone explain ...

To start with, I am dangerously bad at security. I am aware of this, which is why I'm asking for help to figure this out.
I have a POCO object, which is exposing an ICollection of a model object, so ...

During coding, I have used both MD4 and MD5 encryption techniques. But there hasn't been any noticeable security difference between either of them. And yet, most of them prefer MD5, in fact specify ...

Does encrypting a value in the web.config file actually provide any real protection? It seems to me that any web app can read that setting. Yes that's more work than just reading the web.config file, ...

I assume that the best way to handle passwords for a website is I create a hash of the password and save that hash in my database. Then when someone tries to login, I do a hash of the password they ...

We need to provide a license key to customers for our application. The actual license is XML but we need to encrypt it and then in our program decrypt it. I think it is the following, but am asking to ...

I saw some suspicious errors being generated on my site based on pages that were requested. My error is logging the path that the user is trying to access. Because of these errors (and the paths that ...

Hello my team is tasked to perform security focused training for developers (.NET and JAVA). I have used WebGoat to demonstrate OWASP Top 10 type security vulnerabilities and am looking for a similar ...

I have a very simple app that does allow unauthenticated users to leave comments (maybe later I will incorporate a captcha). The app then stores the comments in a MySQL db. I do my best to filter out ...

Suppose I have this scenario:
User --> Inputs License Key --> I validate it --> If success, good, move onto main window. If not, prompt the user to reenter the license key.
The license key will not ...

I have always been told that writing your own login method (e.g. validate user given the username and password) is bad practice, and that one should reuse existing libraries for that.
I have always ...

I'm going to rephrase a question I asked earlier, as I don't think anyone understood what I meant.
Basically I'm writing a web based password locker, which can have multiple accounts; so that users ...

I'm writing a project to securely store and share passwords between users, I've been doing tons of research into encryption algorithms, CSPRNGs, hashing algorithms, key stretching etc...
I just want ...

I'm using sslstream to communicate a client and a server, and I need to use RSA encryption, I have made some tests with a brute keyexchange, using sslStream.write(modulusPublicKey).
And receiving like ...

I am a computer science student interested in the field of security and just had a few questions.
What are the pros and cons for using C# for security purposes, I had assumed applications programmed ...

I'm creating a web API in .Net for a web application. I'm wondering what the industry standard for login authentication is.
I know that most people believe that sending cleartext username/passwords ...

I am in a situation where I would like to encrypt audio and text files for an application I am working on. I did some looking around and from what I have seen the Rijndal encryption algorithm would ...

My question is pretty similar to: http://stackoverflow.com/questions/5487757/using-hmac-sha1-for-api-authentication-how-to-store-the-client-password-secure.
Basically, I want to write an API for my ...

I'm testing a client's web site vulnerability to SQL injection, which appears to be the case. The web site is hosted in IIS on a Windows server and is using Microsoft's .NET framework with SQL. I'm ...

One of my colleagues has a web api call that is checking that the user is logged in and his token matches what is in session (thanks to all of you for your help). Let's say this is layer blue.
After ...